Hello Colm,

I created the keystore using the standard Java keytool command. I am not sure how to create a BKS keystore.
When I tried using the sha256 signature algorithm (by configuring signatureAlgorithm in the interceptor via CXF) with Merlin, I ran into an algorithm not supported exception. The sha1 signature algorithm worked properly.
Doesn't Merlin support the sha256 signature algorithm?
Do I need to use bouncy castle in this case?
Could you please help me out with it?

Thanks,
Giriraj.

On Feb 24, 2014 5:37 AM, "Colm O hEigeartaigh" <coheigea@apache.org> wrote:

With BouncyCastle, the Keystore type must be "BKS", so:

org.apache.ws.security.crypto.merlin.keystore.type=BKS

Note that the keystore itself must be compatible with the BouncyCastle JKS implementation.

Colm.


On Fri, Feb 21, 2014 at 10:44 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
Hello Colm,

I didn't have any success using the above properties.
I got the following:
    ... 2 more
Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
    at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:376)
    at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
    at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
    at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
    ... 17 more
Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
    at java.security.KeyStore.getInstance(KeyStore.java:122)
    at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:362)
    ... 20 more
Caused by: java.security.KeyStoreException: KeyStore jks implementation not found
    at java.security.KeyStore.getInstance(KeyStore.java:150)
    at java.security.KeyStore.getInstance(KeyStore.java:120)
    ... 21 more

It was working with Merlin earlier. Here is my properties file:
org.apache.ws.security.crypto.merlin.keystore.file=sample.jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.alias=alias1
org.apache.ws.security.crypto.merlin.keystore.provider=BC
org.apache.ws.security.crypto.merlin.cert.provider=BC

I have bcprov-jdk12-130.jar on the classpath.

Could you please help me find out what I am doing wrong here?

Thanks,
Giriraj.


On Tue, Feb 18, 2014 at 8:39 AM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
You can use BouncyCastle with the Merlin Crypto implementation. Simply add the properties:

org.apache.ws.security.crypto.merlin.keystore.provider=BC
org.apache.ws.security.crypto.merlin.cert.provider=BC

Colm.


On Tue, Feb 18, 2014 at 1:27 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:

We have a specific requirement to use Bouncy Castle in the project.
Does this mean we can't use Bouncy Castle at all in the latest version of wss4j?

Thanks,
Giriraj.

On Feb 18, 2014 4:51 AM, "Colm O hEigeartaigh" <coheigea@apache.org> wrote:

From what I recall, there was essentially little difference between the Merlin and BouncyCastle Crypto implementations, hence the latter was removed in WSS4J 1.6.x. Why do you need to use the BouncyCastle implementation, i.e. what is the Merlin implementation not doing for you?

Colm.


On Mon, Feb 17, 2014 at 7:56 PM, Giriraj Bhojak <giriraj2k@gmail.com> wrote:
Hello,

I need to use the Bouncy Castle provider with WSS4J 1.6.13.
Merlin is used by default since 1.6.x.
Could anyone explain why this was done?
I mean, was there something with Bouncy Castle that prompted this change?

And is the following set of keys the right way to use Bouncy Castle with WSS4J (found this at https://community.oracle.com/thread/1529571?tstart=1872)?


org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle
org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=alias
org.apache.ws.security.crypto.merlin.alias.password=password


Regards,
Giriraj.



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
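
The check below is an added example, not part of the original thread and not WSS4J code. It asks the JCA provider named in the Merlin properties ("BC") which keystore types and signature algorithms it registers, which is what the "KeyStore jks implementation not found" trace and the sha256 question both turn on. The class name ProviderCheck and the RSA signature names are assumptions; the BouncyCastle jar must be on the classpath.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.TreeSet;

// Hypothetical diagnostic class (not from WSS4J or the thread).
public class ProviderCheck {
    // Collects the algorithm names a provider registers for one JCA service type.
    static TreeSet<String> algorithms(Provider p, String serviceType) {
        TreeSet<String> names = new TreeSet<>();
        for (Provider.Service s : p.getServices()) {
            if (s.getType().equals(serviceType)) {
                names.add(s.getAlgorithm());
            }
        }
        return names;
    }

    // Same JCA call that fails in the trace: a keystore type requested from a named provider.
    static String tryKeyStore(String type, String provider) {
        try {
            KeyStore.getInstance(type, provider);
            return "available";
        } catch (Exception e) {
            return "not available (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        String name = args.length > 0 ? args[0] : "BC";
        if (Security.getProvider(name) == null && name.equals("BC")) {
            // Register BouncyCastle reflectively so this compiles without the jar.
            Class<?> c = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.addProvider((Provider) c.getDeclaredConstructor().newInstance());
        }
        Provider p = Security.getProvider(name);
        if (p == null) {
            System.err.println("Provider not installed: " + name);
            return;
        }
        System.out.println(p.getName() + ": " + p.getInfo());
        System.out.println("KeyStore types: " + algorithms(p, "KeyStore"));
        // Types taken from the properties files quoted in the thread.
        for (String type : new String[] {"jks", "BKS", "PKCS12"}) {
            System.out.println("  " + type + " -> " + tryKeyStore(type, name));
        }
        // Assumed JCA names for RSA keys; adjust for other key types.
        for (String alg : new String[] {"SHA1withRSA", "SHA256withRSA"}) {
            boolean ok = p.getService("Signature", alg) != null;
            System.out.println("Signature " + alg + " -> " + (ok ? "available" : "not available"));
        }
    }
}
```

Run it with the same BouncyCastle jar the application uses, since the registered services depend on the provider version.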